Since all the RADIUS servers I've used (FreeRadius, Radiator, Cisco Access
Registrar) support authenticating against a number of different identity
storage backends (LDAP, RDBMSs, etc.) ... it would be interesting to know
what RADIUS server this is, and why you can't instead authenticate against
the same backend store that it uses ...

To me it really seems like you are doing one thing the wrong way around
because you have something else doing things the wrong way around.

The backend against which RADIUS authenticatate could be used, and it will
prbbaly be in the future, but that require major refactoring of some IT mess,
which is not in the short terms gaols.

Of course that RADIUS story is not The Right Way, but it is what I need right
now. This is the real world, you know...

There is a (limited) number of documented masters of "the real world"
subscribing to this list on a regular basis and Buchan Milne is one of
them; indeed I personally am (and my sites are) indebted to him for his
work. Nuff said.

You could, at least, answer his question and tell him why you need to
proceed in the obtuse manner you demonstrate instead of waving his
question airily away with the argument: that your needs "require major
refactoring of some IT mess, which is not in the short terms gaols".